Researcher exposes VirtualBox zero-day vulnerability

A Russian security researcher fed up with the current state of infosec has published details about a zero-day vulnerability affecting Oracle's popular virtual machine software VirtualBox without first informing the company.

Saint Petersburg-based researcher Sergey Zelenyuk discovered a chain of bugs that can allow malicious code to escape from a VirtualBox virtual machine and execute on the host operating system.

Once the code has escaped the VirtualBox VM, it runs in the host OS's limited userspace, in ring 3. However, Zelenyuk noted that attackers could make use of known privilege escalation bugs to gain kernel-level access in ring 0.

He gave ZDNet more details about the text file describing the zero-day vulnerability that he uploaded to GitHub, saying:

"The exploit is 100% reliable. It means it either works always or never because of mismatched binaries or other, more subtle reasons I didn't account." 

Scope and severity of the vulnerability

According to Zelenyuk, the zero-day vulnerability affects all current VirtualBox releases and can be exploited regardless of the host or guest operating system a user is running. It is also reliable against the default configuration of newly created VMs.

While the zero-day is not considered a threat to cloud hosting environments because they use a Type-1 hypervisor as opposed to the Type-2 hypervisor used by VirtualBox, security researchers are concerned because Oracle's VM software is used regularly for malware analysis and reverse engineering.

Malware creators could embed the zero-day's exploit chain inside malware strains with the intention that it would escape from VirtualBox VMs and infect researchers' operating systems.

Craig Young, a security researcher at Tripwire, provided further insight on the zero-day vulnerability, saying:

“The vulnerability is in the implementation of a virtual Intel E1000 compatible network adapter. The write-up demonstrates how an attacker with permissions to load Linux kernel modules in a Virtual Box guest environment can achieve low-privileged code execution on the host OS which can then be elevated to gain administrative access to the host. Anyone using Virtual Box for accessing untrusted content (malware analysts for example) should immediately review their machine profiles and at least temporarily discontinue use of the E1000 device in favor of the PCNET adapter. Users should avoid running any less than trustworthy applications in any Virtual Box environment with E1000 enabled until Oracle is able to release a fix.”
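
The profile review Young recommends can be done mechanically. The following is an added example, not code from the article, the researcher or Oracle: it parses the output of `VBoxManage showvminfo <vm> --machinereadable`, flags enabled adapters that emulate an E1000, and prints the command that switches each one to PCnet. It assumes that output carries `nicN` and `nictypeN` keys; the sample output and the VM name `malware-lab` are constructed.

```python
import re

# VirtualBox device names for its emulated Intel E1000 family.
E1000_TYPES = {"82540EM", "82543GC", "82545EM"}
PCNET_TYPE = "Am79C973"  # PCnet-FAST III

# Lines look like key="value"; some keys are themselves quoted.
LINE_RE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')

def parse_vminfo(text):
    """Turn machine-readable key="value" lines into a dict."""
    info = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def e1000_slots(info):
    """Return [(slot, nictype)] for enabled adapters that emulate an E1000."""
    hits = []
    for key, value in info.items():
        m = re.fullmatch(r"nictype(\d+)", key)
        if not m or value not in E1000_TYPES:
            continue
        slot = int(m.group(1))
        # An adapter whose attachment is "none" is disabled; skip it.
        if info.get(f"nic{slot}", "none") != "none":
            hits.append((slot, value))
    return sorted(hits)

def remediation(info):
    """Build one modifyvm command per flagged adapter."""
    name = info.get("name", "<vm-name>")
    return [f'VBoxManage modifyvm "{name}" --nictype{slot} {PCNET_TYPE}'
            for slot, _ in e1000_slots(info)]

# Constructed sample of machine-readable output (not captured from a real host).
SAMPLE = '''name="malware-lab"
nic1="nat"
nictype1="82540EM"
nic2="hostonly"
nictype2="Am79C973"
nic3="none"
'''

if __name__ == "__main__":
    for cmd in remediation(parse_vminfo(SAMPLE)):
        print(cmd)
```

The printed `modifyvm` command has to be run while the VM is powered off.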

Via ZDNet



from TechRadar - All the latest technology news https://ift.tt/2qAepqx